diff --git a/setup/pi-monitoring/README.md b/setup/pi-monitoring/README.md new file mode 100644 index 0000000..c318af8 --- /dev/null +++ b/setup/pi-monitoring/README.md @@ -0,0 +1,61 @@ +# Pi Monitoring Stack + +Purpose: turn a Raspberry Pi 4 (8GB) into a low-power monitoring/control plane for your Gitea migration environment. + +This module deploys: +- Portainer (single admin view) +- Grafana (dashboards) +- Prometheus (metrics) +- Uptime Kuma (service checks) +- Node Exporter + cAdvisor (Pi host + container metrics) + +## Folder Contents + +- `bootstrap_pi.sh`: first-time host prep (packages, Docker, firewall, hardening) +- `mount_ssd.sh`: format/mount SSD and create persistent data paths +- `deploy_stack.sh`: deploy monitoring stack with Docker Compose +- `upgrade_stack.sh`: pull new images and recreate stack +- `backup_stack.sh`: backup stack data/config to `OPS_ROOT/backups` +- `restore_stack.sh`: restore from backup archive +- `status.sh`: show service status and endpoint reachability +- `teardown_stack.sh`: stop/remove stack; optionally delete stack data +- `install_portainer_agent_remote.sh`: install Portainer Agent on Fedora/Unraid +- `docker-compose.yml`: stack definition +- `stack.env.example`: environment template +- `prometheus/prometheus.yml`: Prometheus config +- `USAGE_GUIDE.md`: full setup and operations guide + +## Quick Start + +Run on the Raspberry Pi host: + +```bash +cd /path/to/gitea-migration/setup/pi-monitoring + +./bootstrap_pi.sh --yes +./mount_ssd.sh --device=/dev/sda1 --yes + +cp stack.env.example stack.env +# edit stack.env and set a strong GRAFANA_ADMIN_PASSWORD + +./deploy_stack.sh --yes +./status.sh +``` + +Then from your admin machine, install Portainer agent on remote Docker hosts: + +```bash +./install_portainer_agent_remote.sh --host= --user= --port=22 --yes +./install_portainer_agent_remote.sh --host= --user= --port=22 --yes +``` + +In Portainer UI (`https://:9443`), add environments using: +- `tcp://:9001` +- `tcp://:9001` + +## Security Notes + +- `stack.env` contains secrets; do not commit it. +- Portainer Agent exposes Docker control on `9001`; keep it inside trusted LAN/VPN. +- Keep UFW enabled and only expose required ports. +- Use SSD for durability; avoid long-term DB workloads on SD card.